diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java
index 17009bc854a..a699d0f8555 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java
@@ -1867,8 +1867,6 @@ public class ContextHandler extends ScopedHandler implements Attributes, Server.
 query = uriInContext.substring(q + 1);
 uriInContext = uriInContext.substring(0,q);
 }
- // if ((q = uriInContext.indexOf(';')) > 0)
- // uriInContext = uriInContext.substring(0,q);
 String pathInContext = URIUtil.canonicalPath(URIUtil.decodePath(uriInContext));
 if (pathInContext!=null)
diff --git a/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DispatcherTest.java b/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DispatcherTest.java
index 99f22453bac..36c1a88bbab 100644
--- a/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DispatcherTest.java
+++ b/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DispatcherTest.java
@@ -232,7 +232,20 @@ public class DispatcherTest
 _contextHandler.addServlet(DispatchServletServlet.class, "/dispatch/*");
 _contextHandler.addServlet(RogerThatServlet.class, "/roger/that");
- String requests="GET /context/dispatch/test?forward=%2e%2e/roger/that HTTP/1.0\n" + "Host: localhost\n\n";
+ String requests="GET /context/dispatch/test?forward=/%2e%2e/roger/that HTTP/1.0\n" + "Host: localhost\n\n";
+
+ String responses = _connector.getResponses(requests);
+
+ assertThat(responses,startsWith("HTTP/1.1 404 "));
+ }
+
+ @Test
+ public void testServletForwardEncodedDotDot() throws Exception
+ {
+ _contextHandler.addServlet(DispatchServletServlet.class, "/dispatch/*");
+ _contextHandler.addServlet(RogerThatServlet.class, "/roger/that");
+
+ String requests="GET /context/dispatch/test?forward=/%252e%252e/roger/that HTTP/1.0\n" + "Host: localhost\n\n";
 String responses = _connector.getResponses(requests);
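Review bot: The request in the existing test is overwritten rather than kept, so the relative form `forward=%2e%2e/roger/that` (no leading slash) is no longer exercised anywhere in this hunk; only the absolute `/%2e%2e/` and double-encoded `/%252e%252e/` forms remain. I would keep the old input as a third case in its own test method, using `String requests="GET /context/dispatch/test?forward=%2e%2e/roger/that HTTP/1.0\n" + "Host: localhost\n\n";`, since a dispatcher path without a leading slash is presumably resolved relative to the current request and may reach canonicalisation by a different route. The first test method begins above the hunk and the assertion for `testServletForwardEncodedDotDot` falls below it, so the expected outcome of the double-encoded case cannot be confirmed from here; a one-line comment on each test stating why that status is expected would help the next reader.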